Home
Support
Product Support
Routers
Cisco 8000 Series Routers
Configuration Guides

Traffic Mirroring Configuration Guide for Cisco 8000 Series Routers, Cisco IOS XR Release

View all Saved Content

PDF

Is this helpful?

Helpful Unhelpful

Feedback

Thank you for your feedback. Your response has been recorded.

Ask about this document

Cisco Configuration Guide, Release 4.2

Table of contents

Expand all sections

About this document

Preface

Using YANG Data Models

Getting Started with Traffic Mirroring

Traffic mirroring
Configuration guidelines for traffic mirroring
Restrictions for traffic mirroring
Traffic mirroring terminology
Traffic mirroring types
How traffic mirroring works

ACL-based traffic mirroring

ACL-based traffic mirroring
How ACL-based traffic mirroring works
Configure ACLs for traffic mirroring
Configure layer 3 ACL-based traffic mirroring
Attach a source interface
Multiple SPAN ACL sessions for MPLS

Local SPAN

Local SPAN
Configuration guidelines for local SPAN
Restrictions for local SPAN
Configure local SPAN
Local SPAN with ACLs
Local SPAN rate limit

ERSPAN

ERSPAN
Configuration guidelines for ERSPAN
Restrictions for ERSPAN
Supported ERSPAN sessions
ERSPAN over GRE
Partial packet capture for ERSPAN
ERSPAN with flexible CLI
ERSPAN rate limit
ERSPAN rate-limit per destination
Traffic mirroring with DSCP
Monitor ERSPAN sessions with SPAN and security ACLs
Selective packet capture for protocol and drops

SPAN to file

SPAN to file
Always-On SPAN to file with periodic write
SPAN to file with unique capture

Mirror forward-drop packets

Mirror forward-drop packets
Guidelines for mirroring forward-drop packets
Restrictions for mirroring forward-drop packets
Configure forward-drop packets

Mirror buffer drop packets

Mirror buffer drop packets
Guidelines for mirroring buffer drop packets
Configure buffer drop packets mirroring for SPAN to file
Configure buffer drop packets mirroring for ERSPAN

File Mirroring

File mirroring
Restrictions for file mirroring
Configure file mirroring

How to troubleshoot traffic mirroring

Troubleshoot traffic mirroring issues
Additional debug commands

ERSPAN

Updated: February 5, 2026

Overview

This chapter, Encapsulated Remote Switched Port Analyzer (ERSPAN), explains its function in mirroring network traffic via GRE tunnels for analysis. It covers features like higher payload support, GRE IPv6 and MPLS integration, partial packet capture, rate limiting, DSCP-based traffic classification, and multi-session monitoring with ACLs.

ERSPAN

This section explains how Encapsulated Remote Switched Port Analyzer (ERSPAN) monitors and mirrors network traffic from source ports to remote destinations via GRE tunnels. This feature enables real-time troubleshooting and automated analysis of specific network flows.

Configuration guidelines for ERSPAN

This section provides essential guidelines for configuring ERSPAN, including requirements for source and destination interfaces, supported traffic types, and encapsulation methods. Use these principles to ensure proper setup and functionality of remote traffic mirroring sessions.

Restrictions for ERSPAN

This section provides a list of limitations and restrictions for ERSPAN, such as unsupported traffic accounting and specific interface requirements for GRE next hops. Review these constraints to ensure your network configuration supports successful traffic mirroring.

Supported ERSPAN sessions

This section provides tables detailing the number of supported ERSPAN, local SPAN, and combined SPAN sessions across different software releases. Use this information to understand session limits based on your specific hardware and software version.

ERSPAN over GRE

This section explains how ERSPAN over GRE IPv6 enables the secure encapsulation and mirroring of IPv4 or IPv6 traffic.

Partial packet capture for ERSPAN

This section explains how partial packet capture allows ERSPAN to capture only a portion of incoming packets rather than the entire payload.

ERSPAN with flexible CLI

This section explains how the flexible CLI option for ERSPAN consolidates session properties, tunnel properties, and source interfaces into a standalone configuration object.

ERSPAN rate limit

This section explains how the ERSPAN rate limit feature prevents network congestion by controlling the amount of mirrored traffic sent to destinations.

ERSPAN rate-limit per destination

This section explains how to apply rate limits per source NPU to control the volume of mirrored traffic sent to ERSPAN destinations.

Traffic mirroring with DSCP

This section explains how traffic mirroring uses Differentiated Service Code Point (DSCP) values to classify and prioritize network traffic. By assigning different priority levels to packets, you can enhance the Quality of Service (QoS) for mirrored data.

Monitor ERSPAN sessions with SPAN and security ACLs

This section explains how to use SPAN and security ACLs together to monitor multiple ERSPAN sessions under the same source interface. This functionality allows you to distribute mirrored traffic across different destination interfaces while selectively allowing incoming traffic.

Selective packet capture for protocol and drops

This section explains how selective packet capture allows you to monitor specific network packets by filtering based on directions and protocol-specific attributes. Use this feature to optimize SPAN sessions, reduce mirrored traffic volume, and improve network troubleshooting efficiency.

Need help?

Open a support case

(Requires a Cisco Service Contract)

Bias-free language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.